This is a place for me to ruminate about Privacy. Since I work as Google's Global Privacy Counsel, I need to point out that these ruminations are mine, not Google's. Please don't attribute them to Google.

Tuesday, June 18, 2013

Mirror, mirror on the wall, who is the ugliest one of them all?

Many years ago, a legal journal called me a man on a "crusade" to protect users' privacy against government surveillance. That was back in 2007, and since then, the scale and scope of government surveillance have increased dramatically, just as the total amount of data circulating on the Internet has too. I've been blogging about it for years: Should you cover your tracks from government snooping?

Government surveillance is a worldwide phenomenon. The purposes of government surveillance vary from country to country, from the conventional to the creepy: fighting crime, preventing terrorism, spying on political opponents, stealing trade secrets. In short, everyone does it.

There's always been more focus on government surveillance conducted by the US government, compared to surveillance conducted by other countries. That's understandable, because the US is a big country, with big companies, and big technology resources, but also because the US is comparatively transparent about its surveillance programs and the laws governing them, notwithstanding the recent revelations about certain secret programs.

Transparency is the best answer to worldwide queasiness about government surveillance. Various companies are already publishing data (to the extent that the governments let them) about how and when they respond to government requests. However, I'm not aware of a single government that publishes credible statistics about its own surveillance programs. Governments are not telling their citizens what or how much data they're collecting, why they're doing it, or how long they're keeping it.

In Europe, it's become a parlour game to debate and decry US government surveillance programs. By contrast, there's far less debate or transparency about European government surveillance programs. I can't even count the number of EU Parliament debates about US government surveillance, but I can't remember a single meaningful debate in that chamber about EU governments' surveillance programs. Similarly, media coverage focuses heavily on US government surveillance, and rarely asks hard questions about what other countries are up to, aside from the routine Chinese-hack-a-day stories. And the data protection regulators are side-lined, largely excluded from scrutinizing their own countries' surveillance programs. One of the few exceptions, Richard Thomas, UK Information Commissioner some years ago, tried valiantly to raise the alarm about the risks of a "sleep-walk into a surveillance society". More typically, when the French CNIL was created four decades ago, it focused almost entirely on French government data collection and privacy, but today, the CNIL has shifted its focus 180 degrees and focuses almost entirely on private sector privacy issues.

We need more transparency about government surveillance programs, not just in the US, but worldwide. As unsettling as some revelations about the US programs prove to be, it's even worse to know almost nothing about what all these other countries are up to. I understand that a public scandal a day keeps media coverage in play, but the super-secret surveillance programs in Europe and around the world need scrutiny. Thankfully, some legal experts, including privacy scholars at Hogan Lovells, are adding sober analysis of the global dimensions of this challenge to an otherwise shrill and polemical debate. There's no hope of getting transparency about government surveillance programs in China or Russia or Turkey, but there should be vastly more transparency in democratic, privacy-sensitive countries like those in Europe. For example, we know almost nothing about what the German spy agency collects, and there's very little public discussion of it, despite Germany being one of the most privacy-sensitive countries on earth.

I've spent many years advocating for privacy protections against excessive government surveillance, in a global context. For example, in 2007, I was blogging about government surveillance issues in Sweden. Only governments themselves can provide real transparency. Asking a company like Apple to explain US government surveillance is like asking a fish to explain what the fishing boat is doing.

First, we need more transparency from governments. Then, we can ask the tough questions: Mirror, mirror on the wall, who is the ugliest one of them all?